Netgate Discussion Forum

    IPv6

      george

      Since my pfSense box is based on FreeBSD 6.2, it has all the IPv6 capability it needs built into the kernel.  I've written a script to give the appropriate ifconfig commands, and to use sed to modify /tmp/rules.debug to fix up the pf rules.  I scp the script into /tmp and then execute it.  I hope this posts, because your preview button is showing me a blank page.  Comments, please?

      #!/bin/sh

      # Set up gif interface and IPv6-over-IPv4 tunnel

      ifconfig gif0 create
      ifconfig gif0 tunnel aaa.bbb.ccc.ddd eee.fff.ggg.hhh
      ifconfig gif0 inet6 2001:jjj:kkk:lll::16 prefixlen 64

      # Add IPv6 alias to local interface

      ifconfig vr0 inet6 2001:xxx:yyy::14 prefixlen 64
      ifconfig vr0 inet6 alias 2001:xxx:yyy::fd prefixlen 128

      # Set default IPv6 route

      route add -inet6 default 2001:jjj:kkk:lll::15

      # Add gateway alias to local interface

      #ifconfig vr0 inet alias 10.100.0.253 netmask 0xffffffff
      #ifconfig vr0 inet6 alias 2001:xxx:yyy::fd

      # Edit pf rules (paths are relative: run from /tmp, next to rules.debug)

      rm -f rules.sed rules.modified

      # Quoted "EOF" keeps $int_if etc. literal so pf, not the shell, expands them.
      # Every line of a sed "c" text block except the last ends with a backslash.
      cat - <<"EOF" >rules.sed
      /User Aliases/c\
      # User Aliases\
      int_if="vr0"\
      gif_if="gif0"\
      internal_ipv6="2001:xxx:yyy::/120"\
      internal_ipv6_aliases="2001:xxx:yyy::/112"\
      table <time> { 10.100.0.246, 2001:xxx:yyy::f6 }\
      table <mail> { 10.100.0.247, 2001:xxx:yyy::f7 }\
      table <dns> { 10.100.0.249, 2001:xxx:yyy::f9 }\
      table <www> { 10.100.0.250, 2001:xxx:yyy::fa }\
      table <ssh> { 10.100.0.251, 2001:xxx:yyy::fb }\
      table <moo> { 10.100.0.252, 2001:xxx:yyy::fc }
      /pass.*10.100.0.246/s/10.100.0.246/<time>/
      /pass.*10.100.0.247/s/10.100.0.247/<mail>/
      /pass.*10.100.0.249/s/10.100.0.249/<dns>/
      /pass.*10.100.0.250/s/10.100.0.250/<www>/
      /pass.*10.100.0.251/s/10.100.0.251/<ssh>/
      /pass.*10.100.0.252/s/10.100.0.252/<moo>/
      /USER_RULE: Default LAN/c\
      pass quick on $int_if proto ipv6-icmp from any to any\
      pass in quick on $gif_if proto ipv6-icmp from any to $internal_ipv6\
      pass out quick on $gif_if proto ipv6-icmp from $internal_ipv6 to any\
      block drop quick from any to $internal_ipv6\
      pass quick proto { tcp, udp } from any to $internal_ipv6_aliases port http\
      pass quick proto icmp from any to any\
      pass quick proto ipv6-icmp from any to any
      EOF
      sed -f rules.sed rules.debug >rules.modified

      # Load the modified ruleset
      pfctl -f rules.modified

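An added example, not part of the original post: a guard around the final sed-and-load step, so the edited ruleset is loaded only if the two marker lines the sed script keys on are present, the edit changed something, and `pfctl -n` parses the result. The names `check_markers`, `safe_load` and `PFCTL` are hypothetical; the marker strings and file names are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the post). check_markers, safe_load and PFCTL
# are hypothetical names; override PFCTL to test without a firewall.
PFCTL="${PFCTL:-pfctl}"

# check_markers FILE MARKER...
# Fail unless every line the sed script keys on exists in FILE, so a
# changed rules.debug layout cannot silently drop the IPv6 rules.
check_markers() {
    file=$1; shift
    for marker in "$@"; do
        if ! grep -q -- "$marker" "$file"; then
            echo "marker not found in $file: $marker" >&2
            return 1
        fi
    done
    return 0
}

# safe_load SRC SEDSCRIPT OUT
# Return codes: 1 marker missing, 2 sed failed, 3 edit was a no-op,
# 4 pfctl rejected the ruleset; otherwise the status of the final load.
safe_load() {
    src=$1; script=$2; out=$3
    check_markers "$src" "User Aliases" "USER_RULE: Default LAN" || return 1
    sed -f "$script" "$src" >"$out" || return 2
    if cmp -s "$src" "$out"; then
        echo "sed made no changes; not loading $out" >&2
        return 3
    fi
    # -n makes pfctl parse the ruleset without loading it
    "$PFCTL" -n -f "$out" || return 4
    "$PFCTL" -f "$out"
}

# Usage on the firewall, from /tmp:
#   safe_load rules.debug rules.sed rules.modified
```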